Administrative user

It depends on how you are passing it around.

I have a system where users log in, but access to some objects is
further protected by a password. Entering this password allows users
to manage that one object. Users can be authorized to modify multiple
objects at once.
I use session variables, and set them as such: